In the wave of the Covid-19 pandemic and the ensuing lockdowns, many Americans experienced increased symptoms of anxiety and depression. As hospitals and doctors were overloaded with Covid patients, and people were stuck at home, individuals suffering from mental health illnesses had very few places to turn to seek treatment.
Unable to access adequate treatment, many Americans turned to telehealth for relief from their very immediate and incredibly real mental health issues. Telehealth, in general, is the provision of healthcare remotely by means of telecommunication technology. It can include anything from video conferencing with a primary care physician to managing prescription medications. Telehealth also includes mental health treatments including online therapy, counseling, and managing medications used to treat mental illnesses.
When it comes to mental health treatment, many Americans who were seeking treatment for symptoms of anxiety and depression turned to therapy apps for help.
What are therapy apps and why are they used?
Therapy apps are smartphone applications that allow individuals to connect remotely with counselors and therapists to speak via video chat, voice call, and/or text messages to seek treatment for mostly anxiety, depression, and substance abuse issues. The apps can also be used to track individual progress with mental health conditions and coordinate with primary care physicians to obtain medications and additional in-person services.
Some of the most commonly used therapy apps are BetterHelp, Talkspace, Larkr, ReGain, and TeenCounseling. During the pandemic when people were largely spending a lot of time at home and in isolation, the therapy app industry surged as people turned to a convenient option to seek some relief from their anxiety and depression.
What kind of patient data do therapy apps collect?
According to a Consumer Reports investigation and the ACLU, it was discovered that many of the top therapy apps were collecting extensive metadata on their users. For example, it was discovered that the app Betterhelp collected and stored metadata that contained information such as how long an individual uses the app, how long their therapy sessions are, how long they are sending messages on the app, what times they log in, what times they send messages or speak to their therapist, how often they use the app, and their approximate location.
This is not out of the ordinary for many applications, however, many users were unaware that their personal health information was not being protected by HIPAA laws. Additionally, many users were never given the opportunity to opt out of having their information shared with third parties.
According to the U.S. Department of Health and Human Services (HHS), HIPAA Rules generally do not protect the privacy and security of your health information when it is accessed through or stored on your personal cell phones or tablets.
HIPAA regulations apply only when personal health information is created, received, maintained, or transmitted by covered entities and business associates. Covered entities typically include health plans, most health care providers, and health care clearinghouses.
For most Americans, it is assumed that all personal health information is protected by federal law, however, that is not the case. The federal government has yet to fully grasp the impact that the big tech and data broker industries have on society and how these industries need to be regulated to protect individual liberty and the right to privacy.
How are data brokers profiting from your mental health data?
Data brokers who purchase personal health metadata from therapy apps currently are unrestricted when it comes to whom they sell the information to and how these third parties use it. Many organizations that advocate for privacy have warned government officials and consumers about the unregulated data trade and how the sale of personal health information could not only be used by advertisers but could also be used by cyber criminals and other entities for predatory purposes.
One main way that data brokers profit from selling mental health data is by selling the information to advertisers. Advertisers then can use the information to create targeted ads for mental health conditions on social media platforms and through email ad campaigns. For example, with the mental health metadata an advertiser purchases, the advertiser could create ads for various medications, specific products, or other mental health services while knowing who to target and where these individuals live.
Also, another example is that if they knew someone was suffering from depression, they could explicitly target the individual with ads for weight loss products, cosmetics, or other goods and services that can alter an individual’s appearance.
It is not just the fact that advertisers can target individuals with certain mental health issues with specific products, but they can also shape the language of their ads to exploit people who may be suffering from different mental health ailments. For example, someone who is suffering from anxiety may respond more effectively to advertisements that use alarming and fear-inducing language and imagery. Someone with depression may respond to advertisements at odd hours of the day or ads with more uplifting and encouraging verbiage.
These are only a few examples of why the mental health metadata that is harvested through therapy apps is so valuable. In the past, this type of personal health information was extremely private. It is only now that the marketing industry has access to this information through data brokers and therapy apps.
Related article: the 6 Best Tools to Support HIPAA Compliance for Remote Healthcare Providers.
What is being done to protect your mental health data?
As it is pretty standard for smartphone applications to collect metadata on their users and sell it to data brokers to be resold for profit, the use of personal health information to be sold in the same manner is under debate. In general, the government is slow to react when it comes to regulating the big tech and data broker industries.
Many advocacy groups are calling for the expansion of HIPAA to include digital medical information. Others, like Senators Bernie Sanders and Elizabeth Warren, are working on specific legislation that would target smartphone apps and the trade of personal health and location data.
This legislation, the Health and Location 5 Data Protection Act of 2022 could go a long way to help protect individual liberty and the right to privacy when it comes to regulating the telehealth industry and therapy apps.
However, until this bill passes, or an expansion of HIPAA occurs, it is important that people understand that any personal health information that they share on their digital devices does not come with the same protections as when they visit their doctor.
Related article: Is HIPAA Out of Date?
PatientCalls Medical Answering Service Is Serious about Data Security
Learn more about how our answering service for medical offices works directly with your EMR system and ensures the privacy and security of your patients’ data and complies with HIPAA regulations.